EU AI Act next GDPR? Proof in the pudding as boardrooms prioritize data governance
Breaches of the EU’s GDPR can cost companies substantial sums and huge reputational damage. Now some are warning that the implementation of the EU’s AI Act will be just as far-reaching, and could potentially lead to similar numbers of cases.
Good AI governance starts with proactive, continuous risk assessments
Data governance has become a key concern for companies, especially when the EU AI Act and General Data Protection Regulation have put a premium on handling data responsibly and ensuring that artificial intelligence does not cause harm.
Irish DPC fines LinkedIn $335M over GDPR violations related to targeted advertising
The Irish Data Protection Commission fined Microsoft-owned LinkedIn 310 million euros (U.S. $335 million) over violations of the European Union’s General Data Protection Regulation related to the social media company’s data processing and targeted advertising.
Pace of innovation will make EU AI Act hard to enforce, experts say
Concerns about how robustly European member states may enforce the EU AI Act, which took effect on Aug. 1, are divided over whether regulators will take a “light touch” approach or a sledgehammer to noncompliance. One thing’s for sure: the pace of AI innovation will make enforcement very difficult.
Photo gallery: Compliance Week Europe 2024
Compliance Week Europe, held Oct. 15-16 in Amsterdam in partnership with our sister organization the International Compliance Association, gathered more than 200 GRC professionals across industries. Check out some of the sights from the event.
Control and delete: How regulators can shut down companies’ AI investments
Companies are increasingly putting their faith in AI to realize the kind of business benefits that the technology seems to promise, but they are also opening themselves up to new and potentially crippling sanctions if they are unable to answer questions that surround how AI operates.
Irish DPC fines Meta $102M over GDPR violation linked to improper storage of passwords
The Irish Data Protection Commission fined Meta Ireland 91 million euros (U.S. $102 million) for multiple violations of the European Union’s General Data Protection Regulation related to the inadvertent storage of user passwords without encryption.
AI misuse could lead to sanctions from multiple regulators, experts warn
The proliferation of AI, as well as the promised business cases promoting its use, has led companies around the world to quickly invest in the technology. Executives hope these AI tools will improve efficiencies, reduce costs, and help them stay competitive. But it could lead to just the opposite.
Clearview AI’s GDPR fines rise to $110M total after latest penalty by Dutch DPA
Clearview AI was fined 30.5 million euros (U.S. $33.8 million) by the Dutch Data Protection Authority and ordered to stop collecting images of Dutch citizens in the latest enforcement action against the U.S. company.
Dutch DPA fines Uber $324M over transferring driver data to U.S.
The Dutch Data Protection Authority fined Uber 290 million euros (U.S. $323.7 million) for illegally transferring data on European drivers to American servers and failing to appropriately safeguard the transfers.
Spanish DPA dings retailer Uniqlo $294K over GDPR violations
Spain’s data protection authority fined retailer Uniqlo Europe 270,000 euros (U.S. $294,000) over admitted violations of the European Union’s General Data Protection Regulation.
What’s the problem for GDPR repeat offenders?
The General Data Protection Regulation has been in force for nearly six years. Some industries—and some companies—have been more prone to fall foul of the rules than others.
Czech DPA fines Avast $15M over GDPR violations
The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.
EDPB decision sparks ‘consent or pay’ debate for Big Tech firms
Big Tech firms might need to rethink their plans to charge users for not selling their personal data for behavioral advertising following a decision by Europe’s primary data regulator.
Focused on consumer privacy? Don’t forget employees’ rights
The implications of a privacy rights case involving a U.K.-based Uber Eats driver underscore a popular belief that companies prioritize protecting the personal information of their customers over the data rights of their employees.
New leadership no easy fix for Irish DPC’s GDPR woes
The Irish Data Protection Commission has a new leadership structure, but it is uncertain whether the changes can get the key privacy regulator caught up on enforcement of the General Data Protection Regulation.
ICO primed for enforcement increase behind new fining guidance?
The Information Commissioner’s Office updated its data protection fining guidance to provide companies with greater transparency and clarity about how and why it would issue penalties for a breach of the U.K. General Data Protection Regulation or Data Protection Act 2018.
Privacy by design a silver bullet for stemming AI risks?
The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.
Italian DPA fines UniCredit $3M over data breach GDPR lapses
The Italian data protection authority announced a fine of €2.8 million (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation regarding insufficient security measures the bank had in place during a cyberattack.
Public consultation on GDPR opens door for changes
Feedback from a European Commission consultation on the six years of enforcement of the General Data Protection Regulation could result in tweaks to the rules and potential changes to the way data protection authorities enforce them.
Toeing the ‘fine line’ of cloud security compliance
When organizations move their data or operations to the cloud, the compliance team has its work cut out and then some, experts said at CW’s Cyber Risk & Data Privacy Summit.
The blurred lines of employee monitoring under GDPR
The French data regulator’s fine against an Amazon warehouse manager for violating employees’ rights to privacy in the workplace once again raises questions about what constitutes an overzealous approach to employee monitoring and why companies fail to recognize the signs.
Examining precedent set by French DPA’s Amazon employee monitoring fine
The decision by France’s data regulator to fine an Amazon warehouse manager for breaches of the General Data Protection Regulation over the way it monitored employee productivity raises questions about the reach data protection authorities have over corporate conduct.
Uber facing $11M fine over driver privacy rights violations
Ride-hailing company Uber Technologies was assessed a penalty of €10 million (U.S. $11 million) by the Dutch Data Protection Authority for alleged privacy rights violations regarding the handling of European drivers’ personal data.
Meta’s ‘pay or consent’ model to force GDPR to adapt?
Experts weigh in on Meta’s plans to charge EU users monthly if they do not want to be tracked for online advertising and what the ramifications of the model would mean for the future of the General Data Protection Regulation.
ICO seeking input on generative AI to inform guidance
The U.K. Information Commissioner’s Office is seeking input from developers, users, and those interested in generative artificial intelligence to help inform policy and guidance regarding the technology.
Amazon unit fined $35M under GDPR for employee productivity tracking
Amazon’s warehouse management arm in France was assessed a penalty of €32 million (U.S. $35 million) for violating the General Data Protection Regulation by excessively tracking the productivity of employees.
GDPR-minded Microsoft offers cloud customers EU-based personal data storage
Microsoft announced an expansion to its European Union data storage efforts that would allow cloud customers to keep all personal data stored within the EU boundary.